diff options
| author | Stephen D. Smalley <sds@epoch.ncsc.mil> | 2005-01-04 05:40:12 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-01-04 05:40:12 -0800 |
| commit | 8a6f1605522c084e78033573cfa104a921defdf6 (patch) | |
| tree | c80239c17a40760b506f7504e23f03513a771d97 /security | |
| parent | 260cac5976273699736dc6d2573f647d20a72d44 (diff) | |
[PATCH] SELinux: update selinux_task_setscheduler
This patch updates the selinux_task_setscheduler hook function to use the
standard helper for task permission checks since it is now safe to audit from
this hook (due to the upstream change to setscheduler() to not hold the
runqueue lock during the security hook call).
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 02c4889545e2..822d1c7b9386 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2686,16 +2686,7 @@ static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp) { - struct task_security_struct *tsec1, *tsec2; - - tsec1 = current->security; - tsec2 = p->security; - - /* No auditing from the setscheduler hook, since the runqueue lock - is held and the system will deadlock if we try to log an audit - message. */ - return avc_has_perm_noaudit(tsec1->sid, tsec2->sid, - SECCLASS_PROCESS, PROCESS__SETSCHED, NULL); + return task_has_perm(current, p, PROCESS__SETSCHED); } static int selinux_task_getscheduler(struct task_struct *p) |